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DETAILED ACTION 
Remarks 

1. In response to communications filed on 29-September-2006, claims 1-3, 9, 11, and 13 are 
amended per applicant's request. Claims 1-14 are presently pending in the application, of 
which, claims 1 and 9 are presented in independent form. 

2. Applicant's amendments have overcome the objections previously made to claims 1, 2, 9, 
and 11. The objections are therefore, withdrawn. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C 1 12 : 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

4. Claims 1-8 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Claims 1 and 3 are amended by the Applicant to recite the limitation, "operable to", 
followed by functional limitations, which renders the claim indefinite. A system being 
"operable to" indicates ability/capability of such system but not necessarily required 
functionality of the claimed invention. The Examiner cannot clearly establish whether the 
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functional limitations of "establishing" communications and access and "receiving" client 
identifiers are indeed required functions of the claim. 

Claims 2-8 are rejected under 35 U.S.C. 1 12, second paragraph, as dependents of 
independent claim 1 . 

The Applicant can overcome the above rejection by amending the claims to change 
"operable to" to "configured to, or by simply removing the word "operable" from the above 
claims (e.g., "an authentication server to establish . . .."; and, "said identification engine 
receives client identifiers . . . .".) 

Appropriate corrections are required. 



Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

6. Claims 1-14 remain rejected under 35 U.S.C. 101 because they include non-statutory subject 
matter. 

Claim 1 recites, "an automated authentication handling system", "comprising a server 
operable to establish a two-way trusted communication link with an authenticated user", and 
"establish access for the authenticated user". The claim fails to establish a clear result (leave 
alone a "tangible", "concrete", and "useful" result.) 



Application/Control Number: 09/675,399 Page 4 

Art Unit: 2165 

Claim 9 recites, "a method for automatically authenticating a client" comprising the steps 
of "identifying clients", and "establishing a two-way trusted communication link between a 
client and an application server. . the claim fails to establish a tangible result. 

"Establishing" a "two-way trusted communication link with an authenticated user" 
appears to be a decision based on whether or not the user is authenticated and further 
depending on a list of application servers associated with a client identifier. 

Neither independent claim mentioned above communicates (presents the result 
"establishment of the link") to the user. Nor is any indication of such "established 
communication" stored anywhere in memory. 

"establishment of communication" between two entities (a server and an authenticated 
user, in this case), by itself is not considered "tangible". The link may become tangible when 
it is used to transfer/move elements between the two entities, which is not presently recited in 
the rejected independent claims. 

Claims 2-8 and 14 are rejected under 35 U.S.C. 101 as dependents of rejected claim 1. 

Claims 10-13 are rejected under 35 U.S.C. 101 as dependents of rejected claim 9. 

Appropriate corrections are required. 

Claim Rejections - 35 USC §103 
7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 1-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gudbiartsson et 
al (U.S. Publication No. 2001/0027519 Al, hereinafter referred to as Gudbiartsson) in view 
of Reed et al (U.S. Patent No. 5,862,325, hereinafter referred to as Reed .) 

As to claim 1, Gudbiartsson teaches an automated (see Abstract and see paragraph 3) 
authentication handling system (see paragraphs 8, 10, and 31) for use by clients (see 
paragraphs 29 and 31) on a network (see paragraphs 29, 31 and 34) comprising: 

an authentication server (see paragraph 31, where "authentication server" is read on 
"system server 101 authenticates the user") operable to establish a two-way (see paragraphs 
8, 29 and 30) trusted communication link (see "secure environment" in paragraphs 7 and 9; 
and see paragraphs 29 and 30, where "trusted" is the security provided by the 'firewall 202') 
with an authenticated user (see paragraphs 29, 31, 34, and 48) associated with a client 
identifier (see "personal identifiers" in paragraphs 30 and 56.) 

Gudbiartsson does not teach access for the authenticated user to a list of application 
servers. 

Reed teaches a computer-based communication system (see Abstract), in which he 
teaches a link (see column 26, lines 60-66) for access by an authenticated user (see column 
26, lines 14-16) to a list of application servers (see figures 30, 31 A, and 3 IB, and see column 
103, lines 61-67, and column 104, lines 24-30.) 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Gudbiartsson by the teaching of Reed , 
because including a link for access by an authenticated user to a list of application servers, 
would enable the system to provide secure means for authenticated clients to access desired 
web sites hosted by various servers throughout a network. For example, the system can 
provide a directory of partner service servers to the users, as taught by Reed . 

As to claim 2, Gudbiartsson as modified teaches wherein the authentication server (see 
Gudbiartsson , paragraph 31, where "authentication server" is read on "system server 101 
authenticates the user") includes: 

an identification engine configured to maintain collections of session assignments, each 
of the session assignment collections being associated with the client identifier (see 
Gudbiartsson , paragraphs 6-8, where "session assignment" is read on "security zones or 
domains".) 

As to claim 3, Gudbiartsson as modified teaches wherein said identification engine is 
operable to receive client identifiers from said clients (see Gudbiartsson , paragraph 56) to 
establish authenticated users (see Gudbiartsson , paragraph 37) and responsive thereto to 
provide a user interface to access said application servers according to said associated session 
assignments (see Gudbiartsson , paragraph 29.) 
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As to claims 4 and 5, Gudbiartsson as modified teaches wherein the authentication 
server (see Gudbiartsson , paragraph 31, where "authentication server" is read on "system 
server 101 authenticates the user") includes: 

a communication initiator engine (see Gudbiartsson , paragraph 39) configured to 
establish the trusted communication link between the authenticated users and an application 
server (see Gudbiartsson , "secure environment" in paragraphs 7 and 9; and see paragraphs 
29 and 30, where "trusted" is the security provided by the 'firewall 202'.) 

As to claim 6, Gudbiartsson as modified teaches wherein the session assignments 
include data fields (see Reed , column 67, line 64 through column 68, line 3) selected from 
the group consisting of session timeout and application access level (see Reed , column 70, 
line 63 through column 70, line 10.) 

As to claim 7, Gudbiartsson as modified teaches wherein the client identifier includes a 
user id (see Gudbiartsson , paragraph 35, where "user id" is read on "username") and 
password (see Gudbiartsson , paragraphs 50-54.) 

As to claim 8, Gudbiartsson as modified teaches wherein the authentication server (see 
Gudbiartsson , paragraph 31, where "authentication server" is read on "system server 101 
authenticates the user") includes a processor under the control of software (see "central 
processing unit" in Gudbiartsson , paragraph 25) to: 
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receive an authentication signal from the client (see Gudbiartsson , paragraph 56, and see 
Reed , column 28, lines 25-37); 

provide an application access interface to the client in response to the authentication 
signal (see Reed , figures 22-24); and 

establish the trusted communication link between the client and an application server 
selected from the application access interface (see Gudbiartsson , "secure environment" in 
paragraphs 7 and 9; and see paragraphs 29 and 30, where "trusted" is the security provided 
by the 'firewall 202'.) 

As to claim 9, Gudbiartsson teaches a method for automatically authenticating a client 
(see paragraphs 10 and 31) comprising the steps of: 

providing an authentication server (see paragraph 31, where "authentication server" is 
read on "system server 101 authenticates the user"); 

identifying clients to access an application servers by the authentication server (see 
paragraphs 7 and 35); and 

establishing a two-way (see paragraphs 8, 29 and 30) trusted communication link (see 
"secure environment" in paragraphs 7 and 9; and see paragraphs 29 and 30, where "trusted" 
is the security provided by the 'firewall 202') with an authenticated client (see paragraphs 29, 
31,34, and 48.) 

Gudbiartsson does not teach a plurality of application servers and access by an 
authenticated user to a plurality of application servers associated with a client identifier. 
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For the above teaching, the applicant is directed to the remarks and discussions made in 
claim 1 above, in view of the teachings of Reed . 

As to claim 10, Gudbjartssdn as modified teaches wherein the identifying step includes: 
providing session parameters for each of the identified clients for at least one of the 

application servers (see Gudbjartsson , paragraphs 6-8, and see Reed , column 34, lines 18- 

47.) 

As to claim 11, Gudbjartsson as modified teaches wherein the identifying step includes: 
providing a user interface to the identified clients for accessing the application servers 
(see Gudbjartsson , paragraphs 35 and 50-54, and see Reed , column 68, lines 9-13.) 

As to claim 12, Gudbjartsson as modified teaches wherein said establishing step 
includes: 

using said session parameters (see Gudbjartsson , paragraphs 6-8) to establish said 
trusted communication link (see Gudbjartsson , "secure environment" in paragraphs 7 and 9; 
and see paragraphs 29 and 30, where "trusted" is the security provided by the 'firewall 202'.) 

As to claim 13, Gudbjartsson as modified teaches wherein the user interface includes a 
listing of application servers (see Reed , figures 30, 31 A, and 3 IB, and see column 103, lines 
61-67, and column 104, lines 24-30) and the establishing step is initiated following a 
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selection of an application server by a user from the user interface (see Reed , column 26, 
lines 47-64.) 

As to claim 14, Gudbjartsson as modified teaches the method further comprising a 
plurality of application servers connected to the network (see Reed , figures 30, 31 A, and 
3 IB, and see column 103, lines 61-67, and column 104, lines 24-30), each requiring 
authentication for access (see Gudbjartsson , paragraphs 37 and 48, and see Reed , column 
153, lines 20-23.) 

Allowable Subject Matter 
9. Claim 3, 5, and 12 are objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims, provided that the Applicant overcomes all rejections 
made in this case, under 35 U.S.C. 112 and 101, relating to these claims and to their 
base (independent) claims. 



Response to Arguments 
10. Applicant's arguments filed on 29-September-2006 with respect to the rejected claims in 
view of the cited references have been fully considered but they are either moot in view of 
the new grounds for rejection or they are not deemed persuasive: 
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The Applicant's arguments regarding the rejections made under 35 U.S.C. 101 have been 
fully considered but are not deemed persuasive. As detailed above in paragraphs 5-6, 
"establishment of communication" between two entities (a server and an authenticated user, 
in this case), by itself is not considered "tangible". The link may become tangible when it is 
used to transfer/move elements between the two entities, which is not presently recited in the 
rejected independent claims. Therefore, the Examiner maintains the rejections under 35 
U.S.C. 101. 



Applicant argues that, "Gudbjartsson does not disclose or suggest an authentication 
server adapted to establish a two-way trusted communication link for access by an 
authenticated user to a list of application servers associated with a client identifier. The 
Examiner respectfully disagrees. Gudbjartsson clearly teaches an authentication server (see 
paragraph 31, where "authentication server" is read on "system server 101 authenticates the 
user") operable to establish a two-way (see paragraphs 8, 29 and 30) trusted communication 
link (see "secure environment" in paragraphs 7 and 9; and see paragraphs 29 and 30, where 
"trusted" is the security provided by the 'firewall 202') with an authenticated user (see 
paragraphs 29, 31, 34, and 48) associated with a client identifier (see "personal identifiers" in 
paragraphs 30 and 56; and as detailed above, Reed teaches a link (see column 26, lines 60- 
66) for access by an authenticated user (see column 26, lines 14-16) to a list of application 
servers (see figures 30, 31A, and 31B, and see column 103, lines 61-67, and column 104, 
lines 24-30.) 
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Conclusion 

11. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant to 
37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of 
this final action. 



12. Any inquiries concerning this communication or earlier communications from the examiner 
should be directed to Tony Mahmoudi whose telephone number is (571) 272-4078. The 
examiner can normally be reached on Mondays-Fridays from 08:00 am to 04:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Gaffin, can be reached at (571) 272-4146. 
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